E-mail addresses aren't required, though names and home addresses are.

Share this story

If you’re one of the many people filing comments on the Federal Communications Commission plan to gut net neutrality rules, be aware that your e-mail address and any other information you submit could be made public.

There’s nothing nefarious going on, but the FCC’s privacy policy could lead people to believe that e-mail addresses will be kept secret if they file comments on FCC proceedings. The commission’s privacy policy has a section titled “Comments,” which says the following (emphasis ours):

Prior to commenting, you will be prompted to login, either by providing your e-mail address, or by linking your comment to an existing account on a popular website such as Google, Facebook, Flickr, Instagram or Twitter. While your e-mail address will not be made public, if you login with a social media service, your picture, as well as a link to your profile will be posted alongside your comment.

However, this privacy policy applies not to comments on FCC proceedings but to comments on blog posts, such as those posted by Chairman Ajit Pai. When you go to submit comments on the net neutrality plan—or any other FCC proceeding—you are told the following: “You are filing a document into an official FCC proceeding. All information submitted, including names and addresses, will be publicly available via the web.”

Unlike name and home address, e-mail address is not a required field. But if you submit an e-mail—which allows you to get an e-mail confirmation that your comment was received—it would be made public.

This isn't a new policy, and it applies to all proceedings, not just the net neutrality one. But with the net neutrality plan attracting more comments than any previous FCC proposal in history (nearly 5 million so far), it's a good time to go over what information is made public when you file comments.

Conservative group used e-mails in analysis of comments

It wouldn’t be immediately obvious to people perusing the docket that e-mail addresses are being made public. Clicking on comments in the list shows you the commenter’s name and home address, but not e-mail address. But you can find those e-mail addresses by searching the FCC’s API. You can see an example search at this link. People’s e-mail addresses are listed after the term, “contact_email.”

The API is used by anyone who wants to analyze net neutrality comments in bulk. For example, the conservative National Legal and Policy Center (NLPC) recently used names and e-mail addresses when it released an analysis, saying that “One-Fifth of Pro-Net Neutrality FCC Public Comments Are Fake.”

“More than 465,322 pro-net neutrality comment submissions (close to 20 percent of all pro-net neutrality comments filed) were made in which either the filers’ names were being submitted with the e-mail address of an obviously different person or in which the same e-mail address was used to file multiple comments—in some cases thousands of times,” the group said.

Further Reading

Pro-net neutrality group Fight for the Future pointed this out to Ars last week and suggested that the FCC revealing e-mail addresses might violate the FCC’s own privacy policy that says, “your e-mail address will not be made public.”

We contacted the NLPC, and the group confirmed that it “used the publicly available API and you can pull the e-mail addresses through the API.”

We also contacted the FCC, which told us that “the general privacy policy pertains to blog comments, communications and queries with the website, etc. So when you post a comment on the blog, your e-mail address is not revealed. When you communicate with the webmasters, your e-mail is not publicly revealed.”

By contrast, the warning you get before submitting comments into public dockets that “All information submitted… will be publicly available via the web” should make it clear to people that their e-mail addresses will be made public if they choose to submit them, the FCC says.

In the comment system, “it’s clearly disclosed that all information submitted will become public—and in the review screen where you verify information before final submission, the warning appears again, along with the information you have submitted, including your e-mail address if you have provided it. The e-mail address is not a required field though,” an FCC spokesperson said.

“Confusing, but probably unintentional”

Still, Fight for the Future Campaign Director Evan Greer thinks the FCC’s general privacy policy could be more clear about the fact that its promise of e-mail address confidentiality does not apply to the comment system.

“This strikes me as confusing, but probably unintentional,” Greer told Ars. “That said, if the result is that millions of people's e-mail addresses are exposed without them realizing that is going to happen, that seems pretty bad and like something they should be concerned about. It seems like it would be worth them updating their privacy policy and/or making it more clear on the comment submission form that your e-mail address will be visible.”

Further Reading

Separately, Fight for the Future has been trying to convince the FCC to remove anti-net neutrality comments that were submitted by spam bots and attached to names and addresses drawn from data breaches. Victims of this impersonation sent a letter to Pai urging him to take action, but there has been no change.

So far, 4.98 million comments have been filed on the net neutrality proceeding. The FCC is taking comments until August 16 and will make a final decision sometime after that.

As a side note, the FCC’s main page for directing people to the net neutrality docket had a broken link at the top for at least a few days. If you had clicked the link that’s supposed to go to the docket, you would instead have gotten a “Page not found” error. We notified the FCC public relations team about this five days ago and again today, and it has finally been fixed.

Promoted Comments

When you go to submit comments on the net neutrality plan—or any other FCC proceeding—you are told the following: “You are filing a document into an official FCC proceeding. All information submitted, including names and addresses, will be publicly available via the web.”

I am not thrilled that my email is easily accessible in an API viewable format, but as the article (quoted above) says, it's not like it's kept as some sort of secret. I was very aware when I submitted my comments (both this time AND the last several ) that I was signing my comment with name/address/email.

I wouldn't be so pissed about it if Pai would strip the bot comments/submissions from the page, because at least then we would have an accurate attribution for the comments and their weight.

I doubt the enemies of net neutrality are going to want to piss off net neutrality proponents unless they want major headaches for themselves. That being said there is nothing checking that your address is valid.

I wonder how many people have effectively doxxed themselves as a result?

A name, address and email address is more than enough information for abuse. While I understand the argument towards petitions like this being public, there should be some form of control over this data.

So, in order to act on my own best interests, I am required to make my physical address accessible to Ajit Pai. A person who is well known for sneaking into houses at night, kidnapping babies, and devouring them?

So, in order to act on my own best interests, I am required to make my physical address accessible to Ajit Pai. A person who is well known for sneaking into houses at night, kidnapping babies, and devouring them?

Maybe I'll just use a business address next time.

Dingos are only known for eating babies, not breaking into homes. He'd have to be something like a rat-dingo hybrid to do both.

So, in order to act on my own best interests, I am required to make my physical address accessible to Ajit Pai. A person who is well known for sneaking into houses at night, kidnapping babies, and devouring them?

Maybe I'll just use a business address next time.

Dingos are only known for eating babies, not breaking into homes. He'd have to be something like a rat-dingo hybrid to do both.

He's an undead dingo the size of a mid-sized sedan that projects some kind of energy field that makes parents forget about their children and police ignore signs of kidnapping or death. He's also been observed to scale the side of buildings to access open windows and apartment patios. Normal dingo limits do not apply. He barely conforms to the mere shape of a dingo.

So, in order to act on my own best interests, I am required to make my physical address accessible to Ajit Pai. A person who is well known for sneaking into houses at night, kidnapping babies, and devouring them?

Maybe I'll just use a business address next time.

Dingos are only known for eating babies, not breaking into homes. He'd have to be something like a rat-dingo hybrid to do both.

i thought it was settled that the rat-dingo hybrid eats anything it wants?

It seems to me that instead of releasing publicly identifiable information (like first names, last names, email address, etc), they should just calculate a hash of the information (so that, for example, you can match up multiple comments from the same person, by matching the hashes), but not publicly publish the identifying information.

Or a UUID assigned to that person by the FCC.

Seems like all that should be public is such a hash or UUID, a zipcode, city, state, and the comment itself.

... by linking your comment to an existing account on a popular website such as Google, Facebook, Flickr, Instagram or Twitter.

WHO in the serious shit would do something as stupid as this?!?!

UPS wants a google/facebook/amazon login for their service.

Please tell me that this is not true.

Many companies are finding it is actually not a bad thing. People are unlikely to remember their ups password but SSO from their default social media account is probably a non-issue. If your service isn't something someone is using on a daily basis it may make sense to SSO from something which is.

... by linking your comment to an existing account on a popular website such as Google, Facebook, Flickr, Instagram or Twitter.

WHO in the serious shit would do something as stupid as this?!?!

UPS wants a google/facebook/amazon login for their service.

Please tell me that this is not true.

Many companies are finding it is actually not a bad thing. People are unlikely to remember their ups password but SSO from their default social media account is probably a non-issue. If your service isn't something someone is using on a daily basis it may make sense to SSO from something which is.

If all they do is SSO then we wouldn't have a problem. But they don't. They are data hoovering. That's the primary incentive to integrate with FB etc... They really don't give a shit about us and our password conveniences.

... by linking your comment to an existing account on a popular website such as Google, Facebook, Flickr, Instagram or Twitter.

WHO in the serious shit would do something as stupid as this?!?!

UPS wants a google/facebook/amazon login for their service.

Please tell me that this is not true.

Many companies are finding it is actually not a bad thing. People are unlikely to remember their ups password but SSO from their default social media account is probably a non-issue. If your service isn't something someone is using on a daily basis it may make sense to SSO from something which is.

actually if i did use the amazon login option then my ups account would be protected by 2FA whereas now its not since my amazon account requires 2FA login.

... by linking your comment to an existing account on a popular website such as Google, Facebook, Flickr, Instagram or Twitter.

WHO in the serious shit would do something as stupid as this?!?!

UPS wants a google/facebook/amazon login for their service.

Please tell me that this is not true.

Many companies are finding it is actually not a bad thing. People are unlikely to remember their ups password but SSO from their default social media account is probably a non-issue. If your service isn't something someone is using on a daily basis it may make sense to SSO from something which is.

Personally, I'd like an Oauth SSO from something that is completely separate from my social media accounts. I'm not a huge fan of giving other websites access to my friends list and friends email and the ability to post to my account and monitor my facebook posts, just so that I can login. That's why I don't usually use FB or Google login - it grants them way, way more access, typically, than they ever need nor than I want.

... by linking your comment to an existing account on a popular website such as Google, Facebook, Flickr, Instagram or Twitter.

WHO in the serious shit would do something as stupid as this?!?!

UPS wants a google/facebook/amazon login for their service.

Please tell me that this is not true.

Many companies are finding it is actually not a bad thing. People are unlikely to remember their ups password but SSO from their default social media account is probably a non-issue. If your service isn't something someone is using on a daily basis it may make sense to SSO from something which is.

If all they do is SSO then we wouldn't have a problem. But they don't. They are data hoovering. That's the primary incentive to integrate with FB etc... They really don't give a shit about us and our password conveniences.

Well there isn't much UPS can data hoover from a facebook SSO login. Not beyond what you would already given them to create a valid internal account.

On edit: just saw they ask for access to friends list which is I agree shady. The google and amazon SSO data transfer are more restricted.

When you go to submit comments on the net neutrality plan—or any other FCC proceeding—you are told the following: “You are filing a document into an official FCC proceeding. All information submitted, including names and addresses, will be publicly available via the web.”

I am not thrilled that my email is easily accessible in an API viewable format, but as the article (quoted above) says, it's not like it's kept as some sort of secret. I was very aware when I submitted my comments (both this time AND the last several ) that I was signing my comment with name/address/email.

I wouldn't be so pissed about it if Pai would strip the bot comments/submissions from the page, because at least then we would have an accurate attribution for the comments and their weight.

When you go to submit comments on the net neutrality plan—or any other FCC proceeding—you are told the following: “You are filing a document into an official FCC proceeding. All information submitted, including names and addresses, will be publicly available via the web.”

I am not thrilled that my email is easily accessible in an API viewable format, but as the article (quoted above) says, it's not like it's kept as some sort of secret. I was very aware when I submitted my comments (both this time AND the last several ) that I was signing my comment with name/address/email.

I wouldn't be so pissed about it if Pai would strip the bot comments/submissions from the page, because at least then we would have an accurate attribution for the comments and their weight.

This is why I've always used my PO box address to file comments, or indeed any communication with the government. (or Quango, which is why my feud with Nominet 3 years ago (over their 'verification requirement' for UK domains) was important.)

“More than 465,322 pro-net neutrality comment submissions (close to 20 percent of all pro-net neutrality comments filed) were made in which either the filers’ names were being submitted with the e-mail address of an obviously different person or in which the same e-mail address was used to file multiple comments—in some cases thousands of times,”

Interesting how they call out every submission solicited by the EFF as fake, but say nothing of the anti-net neutrality comments.

Also, their methodology seems awfully suspect. Calling out people for using throwaway of fake email addresses is one thing, but cherry-picking one or two examples of "Googling 'Person Name' 'City Name' didn't give us results we liked" doesn't exactly qualify as rigorous analysis.

So, in order to act on my own best interests, I am required to make my physical address accessible to Ajit Pai. A person who is well known for sneaking into houses at night, kidnapping babies, and devouring them?

Maybe I'll just use a business address next time.

Funny how something 100% false, idiotic and not funny gets popular on this site while insightful comments get downvoted if they are even close to off topic? Well you are obviously off topic and look at your bullshit being popular...

It's not idiotic, and it's funny! Your just sour (and wrong), which strongly indicates that you're a Republican.Please confirm: Are you a Republican? If so, all Arsians a called to exercise their patriotic duty and downvote you.

So, in order to act on my own best interests, I am required to make my physical address accessible to Ajit Pai. A person who is well known for sneaking into houses at night, kidnapping babies, and devouring them?

Maybe I'll just use a business address next time.

Funny how something 100% false, idiotic and not funny gets popular on this site while insightful comments get downvoted if they are even close to off topic? Well you are obviously off topic and look at your bullshit being popular...

So, in order to act on my own best interests, I am required to make my physical address accessible to Ajit Pai. A person who is well known for sneaking into houses at night, kidnapping babies, and devouring them?

Maybe I'll just use a business address next time.

Funny how something 100% false, idiotic and not funny gets popular on this site while insightful comments get downvoted if they are even close to off topic? Well you are obviously off topic and look at your bullshit being popular...

It's not idiotic, and it's funny! Your just sour (and wrong), which strongly indicates that you're a Republican.Please confirm: Are you a Republican? If so, all Arsians a called to exercise their patriotic duty and downvote you.

Speaking as someone who up-voted the original post and down-voted the response, this troll V troll BS is tiresome.

I sent in FCC comment is full support of the FCC getting rid of Classs 2 Net Neutrality rules and going back to how the internet operated before 2012. While I forgot which email address I used it should be scottivlow something. I now every reader of Ars Technica and every other Tech media website is in full blown in keeping with Net Neutrality rules. You can send me all your hate mail to me at scottivlow_68@msn.com.This email was already hacked so so what.